Multiple vulnerabilities in Google Chrome

Описание

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions or spoof user interface.

Below is a complete list of vulnerabilities:

1. An UI spoof vulnerability can be exploited remotely to spoof user interface.
2. Type Confusion vulnerability in V8 component can be exploited remotely to execute arbitrary code;
3. An out of bounds read in Skia can be exploited to cause denial of service;
4. A use after free vulnerability in Canvas can be exploited remotely to execute arbitrary code;
5. An integer overflow vulnerability in PDFium can be exploited remotely to cause denial of service and execute arbitrary code;
6. A permissions vulnerability in Extensions can be exploited remotely to execute arbitrary code;
7. A CSP bypass vulnerability can be exploited remotely to bypass security restrictions;
8. An Command line injection vulnerability can be exploited remotely to execute arbitrary code;
9. A CSP bypass vulnerability can be exploited to bypass security restrictions;
10. A use after free vulnerability in FileAPI can be exploited remotely to execute arbitrary code;
11. Heap buffer overflow vulnerability in V8 component can be exploited remotely to execute arbitrary code;
12. A use after free vulnerability in WebMIDI can be exploited remotely to execute arbitrary code;
13. A race condition vulnerability in Extensions can be exploited remotely to execute arbitrary code;
14. A race condition vulnerability in DOMStorage can be exploited remotely to execute arbitrary code.

Первичный источник обнаружения

• Stable Channel Update for Desktop
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Google-Chrome

Список CVE

• CVE-2019-5786
  high
• CVE-2019-5802
  high
• CVE-2019-5791
  critical
• CVE-2019-5801
  high
• CVE-2019-5798
  high
• CVE-2019-5787
  critical
• CVE-2019-5792
  critical
• CVE-2019-5793
  high
• CVE-2019-5800
  high
• CVE-2019-5804
  high
• CVE-2019-5803
  high
• CVE-2019-5788
  critical
• CVE-2019-5790
  critical
• CVE-2019-5799
  high
• CVE-2019-5789
  critical
• CVE-2019-5794
  high
• CVE-2019-5796
  critical
• CVE-2019-5795
  critical
• CVE-2019-5797
  critical

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com